CBIZ KA notified nine Prime Healthcare hospitals that some of their patient data was caught up in the #MOVEit #databreach. As I report this morning on databreaches.net, here are the 9 hospitals:
Saint Michael’s Medical Center,
Roxborough Memorial Hospital,
Garden City Hospital,
Landmark Medical Center,
Lower Bucks Hospital,
Saint Clare's Hospital,
Lake Huron Medical Center,
St. Mary's General Hospital, and
Suburban Community Hospital
According to a spokesperson for Prime Healthcare, it was just these hospitals and not any of their other 36 hospitals or more than 300 outpatient locations in 14 states.
This week, Nuance (a MSFT-owned tech firm) disclosed a number of their clients who are HIPAA-covered entities were affected by the MOVEit breach. They did not reveal numbers and their disclosure is not on HHS's public breach tool yet.
RiteAid was just one of many victims of the #MOVEit #databreach by #Clop. Now they're being sued by plaintiffs who call them "reckless" and "negligent" for not having encrypted the protected health information.
Imagine if every covered entity or business associate who didn't encrypt #PHI and got hacked was sued over a vendor breach.
In this day and age where healthcare entities are under siege, is it somewhat reckless or negligent not to encrypt? And if not, will it ever be generally considered reckless and negligent?
Clop just removed Maximus - which provides IT for Medicaid, Medicare and more gov't programs - after the company confirmed 10 million people may have had their info accessed.
Deloitte confirmed to me that they were affected: "Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact to client data."
"Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance."
According to Emsisoft, there are now more than 500 victims.
"Hackers have compromised the personal data of more than 15.5 million individuals by exploiting a security vulnerability in the MOVEit file transfer tool, and the number of victim organizations continues to grow" https://techcrunch.com/2023/06/29/millions-affected-moveit-mass-hacks/
The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks.
The Clop ransomware gang issued an ultimatum with a June 14 deadline in a recent large-scale hack of payroll data
The Clop group has been blamed for the breach that saw payroll data of more than 100,000 staff stolen at firms including the BBC, British Airways and high street pharmacy Boots
BlackCat, Clop claim ransomware attack on cosmetics maker Estee Lauder (therecord.media)
U.S. cosmetics manufacturer Estee Lauder has suffered a cyberattack, the company confirmed on Tuesday.